A massive attack of brute force, it has been going on for a couple of weeks now, making use of approximately 2.8 million, the IP address of trying to challenge the credentials of the access to the different devices of the network, as well as a wall of fire, and the VPN, and the doors.
This type of attack involves the repeated attempts to identify by the use of a combination of the use of the name of the user, and the password until it is duhuri, allowing for the players in order of worst to compromise the devices, and they enter the network.
Large increase in web-login brute forcing attacks against the edge devices seen last few weeks in our honeypots, with up to 2.8 M, the IPs for the day, seen with attempts (especially Palo Alto Networks, Ivanti, SonicWall etc). Over the 1 METER from Brazil. The Source IPs shared in. https://t.co/kapIq2pIBI pic.twitter.com/LMhFEvAEEL
The Shadowserver Foundation (@Shadowserver) February 7, 2025
The Shadowserver Foundation is monitoring the account, and the only thing that as well as he began the attack last month, and it includes millions of the IP address on a daily basis. Many come from Brazil (1.1 million), followed by Turkey, Russia, Argentina, Morocco, and Mexico, but the phenomenon is widespread in many countries. The foundation, Shadowserver has been confirmed that the event there has been an increase in recent years.
The main objectives are the devices exposed to the internet to facilitate public access in the distance, such as the ruterat MikroTik, Huawei, Cisco, Voc, and ZTE, are often at risk of malware botnet. IP addresses to be included, distributed across a network of multiple systems services (AS), suggesting the use of a botnet-a, or the operation of the balloon residential. The latter are particularly sought in the midst of the actors in the cyber crime because the mask traffic, malicious, making it appear as if it comes from the user's use in the home.
Discussion about this post